admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-29T21:00:25.337314+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-29 21:00:29 +00:00
parent 248df78f79
commit b63ee0c6ca
41 changed files with 2162 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2021/CVE-2021-438xx/CVE-2021-43803.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-43803",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-12-10T00:15:11.827",
"lastModified": "2022-02-17T15:55:14.270",
"lastModified": "2024-01-29T19:58:25.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -115,6 +115,43 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "11.1.0",
"versionEndExcluding": "11.1.3",
"matchCriteriaId": "D413EFEB-941C-4FDD-BA04-32B7902BCFE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.0.5",
"matchCriteriaId": "C1457A80-9287-4C15-9AF3-8CE57500C4AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"versionStartExcluding": "15.0.0",
"matchCriteriaId": "E9D4C013-6688-49F4-9966-859759BA5C84"
}
]
}
]
}
],
"references": [

61
CVE-2022/CVE-2022-457xx/CVE-2022-45792.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-45792",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2024-01-22T18:15:19.760",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:47:44.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
},
{
"lang": "es",
"value": "Los archivos de proyecto pueden contener contenidos maliciosos que el software utilizar\u00e1 para crear archivos en el sistema de archivos. Esto permite directory traversal y sobrescribir archivos con los privilegios del usuario que ha iniciado sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:omron:sysmac_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.54.0",
"matchCriteriaId": "EDC8385A-565F-4614-AB95-9442DA4E0481"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/",
"source": "ot-cert@dragos.com"
"source": "ot-cert@dragos.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-228xx/CVE-2023-22836.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22836",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2024-01-29T19:15:08.100",
"lastModified": "2024-01-29T19:15:08.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682",
"source": "cve-coordination@palantir.com"
}
]
}

55
CVE-2023/CVE-2023-309xx/CVE-2023-30970.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30970",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2024-01-29T19:15:08.313",
"lastModified": "2024-01-29T19:15:08.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@palantir.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-36"
}
]
}
],
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72",
"source": "cve-coordination@palantir.com"
}
]
}

149
CVE-2023/CVE-2023-429xx/CVE-2023-42915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42915",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.123",
"lastModified": "2024-01-26T17:15:09.950",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-29T19:53:50.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,166 @@
"value": "Se solucionaron varios problemas actualizando a la versi\u00f3n 8.4.0 de curl. Este problema se solucion\u00f3 en macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 y iPadOS 16.7.5. M\u00faltiples problemas en curl."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.0",
"matchCriteriaId": "9D70EB17-D125-4887-B09C-0EC8ACF60308"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.7.3",
"matchCriteriaId": "ECD0F581-7DA4-428A-A1F5-C9A86DDD99D7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.2",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/38",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214057",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-468xx/CVE-2023-46892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46892",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T21:15:08.473",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T20:58:40.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "El protocolo de comunicaci\u00f3n por radiofrecuencia utilizado por Meross MSH30Q 4.5.23 es vulnerable a ataques de repetici\u00f3n, lo que permite a los atacantes grabar y reproducir comunicaciones capturadas previamente para ejecutar comandos o acciones no autorizadas (por ejemplo, la temperatura del termostato)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-294"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meross:msh30q_firmware:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "88053A66-2CE3-4D0B-8119-57C49A3A2014"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:meross:msh30q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92051225-D526-48A3-8B3C-81BC290AB37D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-472xx/CVE-2023-47201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47201",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.910",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T20:32:16.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de validaci\u00f3n del origen del administrador de complementos en el agente de seguridad Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-47200."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "7A784073-28FF-4969-8CF5-8E39E15CCB77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1613/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2023/CVE-2023-472xx/CVE-2023-47202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47202",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:08.957",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:57:32.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en el servidor de administraci\u00f3n Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12737",
"matchCriteriaId": "7A784073-28FF-4969-8CF5-8E39E15CCB77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1621/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

77
CVE-2023/CVE-2023-481xx/CVE-2023-48118.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-48118",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T19:15:08.947",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:29:48.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Quest Analytics LLC IQCRM v.2023.9.5 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada a la p\u00e1gina WSDL Common.svc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quest-analytics:iqcrm:2023.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D495282E-2382-41E5-A788-D18BB2B075A4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.quest-analytics.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

14
CVE-2023/CVE-2023-493xx/CVE-2023-49314.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T15:15:07.770",
"lastModified": "2023-12-04T19:02:47.373",
"lastModified": "2024-01-29T20:55:17.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]

68
CVE-2023/CVE-2023-512xx/CVE-2023-51210.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-51210",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T19:15:08.230",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:38:28.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Webkul Bundle Product 6.0.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros id_product en la funci\u00f3n UpdateProductQuantity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:bundle_product:6.0.1:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "0DCE8935-0EAC-4585-B2DB-C3293C6EAB4C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/%40nasir.synack/uncovering-critical-vulnerability-cve-2023-51210-in-prestashop-plugin-bundle-product-pack-ad7fb08bdc91",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

18
CVE-2023/CVE-2023-517xx/CVE-2023-51767.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51767",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T07:15:07.410",
"lastModified": "2024-01-25T14:15:26.530",
"vulnStatus": "Modified",
"lastModified": "2024-01-29T20:00:11.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -130,23 +130,29 @@
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Product"
]
},
{
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Product"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0006/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://ubuntu.com/security/CVE-2023-51767",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-518xx/CVE-2023-51839.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-51839",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.047",
"lastModified": "2024-01-29T20:15:15.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DeviceFarmer/stf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/DeviceFarmer/stf/issues/736",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51839.md",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-518xx/CVE-2023-51840.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-51840",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.100",
"lastModified": "2024-01-29T20:15:15.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/doramart/DoraCMS",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/doramart/DoraCMS/issues/262",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51840.md",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-518xx/CVE-2023-51842.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-51842",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.150",
"lastModified": "2024-01-29T20:15:15.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Ylianst/MeshCentral/tree/master",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51842.md",
"source": "cve@mitre.org"
}
]
}

75
CVE-2023/CVE-2023-520xx/CVE-2023-52090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52090",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.123",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T20:08:29.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de link following del agente de seguridad en Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12849",
"matchCriteriaId": "A9E837BF-EABA-4A51-83D8-831044DA1AEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-026/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2023/CVE-2023-520xx/CVE-2023-52091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52091",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.170",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T20:21:10.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de link following a un motor anti-spyware en Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12849",
"matchCriteriaId": "A9E837BF-EABA-4A51-83D8-831044DA1AEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-027/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2023/CVE-2023-520xx/CVE-2023-52092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52092",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-23T21:15:09.210",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T20:24:47.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Una vulnerabilidad de link following del agente de seguridad en Trend Micro Apex One podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12849",
"matchCriteriaId": "A9E837BF-EABA-4A51-83D8-831044DA1AEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-025/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

11
CVE-2023/CVE-2023-65xx/CVE-2023-6524.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6524",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-03T06:15:47.120",
"lastModified": "2024-01-09T21:07:07.617",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-29T19:15:08.523",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -98,11 +98,8 @@
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3001436%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.13&new=3015598%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.14#file31",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015598%40mappress-google-maps-for-wordpress%2Ftrunk&old=3001436%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=cve",

69
CVE-2023/CVE-2023-69xx/CVE-2023-6926.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6926",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-01-23T20:15:45.233",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T20:56:34.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:crestron:am-300_firmware:1.4499.00018:*:*:*:*:*:*:*",
"matchCriteriaId": "3E71A698-2505-4C86-A2B0-161C051AC573"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:crestron:am-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A0894F-6D87-40C4-B386-99A31034ADDF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

74
CVE-2024/CVE-2024-02xx/CVE-2024-0204.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0204",
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"published": "2024-01-22T18:15:20.137",
"lastModified": "2024-01-24T16:15:08.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:36:52.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
@ -50,18 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.4.1",
"matchCriteriaId": "383EAFF6-9DE9-4054-8C0E-B685C9509EB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBD2B0B-3524-4138-8138-39DA5D0434F0"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.fortra.com/security/advisory/fi-2024-001",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Vendor Advisory"
]
}
]
}

92
CVE-2024/CVE-2024-07xx/CVE-2024-0775.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0775",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T13:15:25.137",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:08:44.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de use-after-free en __ext4_remount en fs/ext4/super.c en ext4 en el kernel de Linux. Esta falla permite que un usuario local cause un problema de fuga de informaci\u00f3n mientras libera los nombres de archivos de cuota antiguos antes de una posible falla, lo que lleva a un use-after-free."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"matchCriteriaId": "18D12E25-2947-44E7-989D-24450E013A1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0775",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259414",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}

67
CVE-2024/CVE-2024-07xx/CVE-2024-0783.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0783",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T18:15:20.393",
"lastModified": "2024-01-22T19:10:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:14:47.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Project Worlds Online Admission System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo documents.php. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251699."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,22 +95,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:online_admission_system_project:online_admission_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47939A64-EB17-40DB-A9A7-9718400F592E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/keru6k/Online-Admission-System-RCE-PoC",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.251699",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251699",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-07xx/CVE-2024-0784.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0784",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-22T18:15:20.623",
"lastModified": "2024-01-25T15:15:07.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:18:11.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hongmaple:octopus:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5564EB82-D0CE-4DD8-B45C-AFA07A8D38DD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/octopus_SQL/blob/main/report.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.251700",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251700",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

92
CVE-2024/CVE-2024-10xx/CVE-2024-1017.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-1017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T19:15:08.637",
"lastModified": "2024-01-29T19:15:08.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252287",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252287",
"source": "cna@vuldb.com"
},
{
"url": "https://www.youtube.com/watch?v=wwHuXfYS8yQ",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-10xx/CVE-2024-1018.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T20:15:15.197",
"lastModified": "2024-01-29T20:15:15.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252288",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252288",
"source": "cna@vuldb.com"
}
]
}

89
CVE-2024/CVE-2024-214xx/CVE-2024-21484.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21484",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-22T05:15:08.720",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:29:03.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,30 +80,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "11.0.0",
"matchCriteriaId": "4651F559-5FE3-40F1-94FD-355954307381"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kjur/jsrsasign/issues/598",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

77
CVE-2024/CVE-2024-222xx/CVE-2024-22205.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22205",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.667",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:48:58.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.\n\n"
},
{
"lang": "es",
"value": "Whoogle Search es un metabuscador autohospedado. En las versiones 0.8.3 y anteriores, el punto final `window` no desinfecta la entrada proporcionada por el usuario desde la variable `location` y la pasa al m\u00e9todo `send` que env\u00eda una solicitud `GET` en las l\u00edneas 339-343 en `request .py`, lo que conduce a server-side request forgery. Este problema permite elaborar solicitudes GET a recursos internos y externos en nombre del servidor. Por ejemplo, este problema permitir\u00eda acceder a recursos en la red interna a la que tiene acceso el servidor, aunque es posible que no se pueda acceder a estos recursos en Internet. Este problema se solucion\u00f3 en la versi\u00f3n 0.8.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,30 +70,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benbusby:whoogle_search:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.8.4",
"matchCriteriaId": "D3DA218E-B891-4381-97E4-F0F1147E6309"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L496-L557",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L497",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

87
CVE-2024/CVE-2024-224xx/CVE-2024-22417.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22417",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.860",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:44:57.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person\u2019s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue."
},
{
"lang": "es",
"value": "Whoogle Search es un metabuscador autohospedado. En las versiones 0.8.3 y anteriores, el m\u00e9todo `element` en `app/routes.py` no valida las variables `src_type` y `element_url` controladas por el usuario y las pasa al m\u00e9todo `send` que env\u00eda un `GET `solicitud en las l\u00edneas 339-343 en `requests.py`. El contenido devuelto de la URL luego se pasa y se refleja al usuario en la funci\u00f3n `send_file` en la l\u00ednea 484, junto con el `src_type` controlado por el usuario, que permite al atacante controlar el tipo de contenido de la respuesta HTTP que conduce a una vulnerabilidad de cross-site scripting. Un atacante podr\u00eda crear una URL especial para apuntar a un sitio web malicioso y enviar el enlace a una v\u00edctima. El hecho de que el enlace contenga un dominio confiable (por ejemplo, de una de las instancias p\u00fablicas de Whoogle) podr\u00eda usarse para enga\u00f1ar al usuario para que haga clic en el enlace. El sitio web malicioso podr\u00eda, por ejemplo, ser una copia de un sitio web real, destinado a robar. las credenciales de una persona para el sitio web, o enga\u00f1ar a esa persona de otra manera. La versi\u00f3n 0.8.4 contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,38 +70,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benbusby:whoogle_search:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.8.4",
"matchCriteriaId": "D3DA218E-B891-4381-97E4-F0F1147E6309"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L484C6-L484C7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22570.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.420",
"lastModified": "2024-01-29T20:15:15.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/11",
"source": "cve@mitre.org"
}
]
}

66
CVE-2024/CVE-2024-237xx/CVE-2024-23752.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23752",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T01:15:08.607",
"lastModified": "2024-01-22T14:01:09.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:27:17.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "GenerateSDFPipeline en Synthetic_dataframe en PandasAI (tambi\u00e9n conocido como pandas-ai) hasta 1.5.17 permite a los atacantes activar la generaci\u00f3n de c\u00f3digo Python arbitrario que es ejecutado por SDFCodeExecutor. Un atacante puede crear un marco de datos que proporcione una especificaci\u00f3n en ingl\u00e9s de este c\u00f3digo Python. NOTA: el proveedor intent\u00f3 anteriormente restringir la ejecuci\u00f3n del c\u00f3digo en respuesta a un problema separado, CVE-2023-39660."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gabrieleventuri:pandasai:*:*:*:*:*:python:*:*",
"versionEndIncluding": "1.5.17",
"matchCriteriaId": "14CBB3DD-8C76-4489-9ED7-97DF5E46B561"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gventuri/pandas-ai/issues/868",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-239xx/CVE-2024-23904.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2024-23904",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.707",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:26:29.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system."
},
{
"lang": "es",
"value": "Jenkins Log Command Plugin 1.0.2 y versiones anteriores no desactivan una funci\u00f3n de su analizador de comandos que reemplaza un car\u00e1cter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, permitiendo a atacantes no autenticados leer contenido de archivos arbitrarios en el sistema de archivos del controlador Jenkins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:log_command:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.2",
"matchCriteriaId": "ACF88D0D-345A-4443-8A67-D133DB82BBBB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3334",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-239xx/CVE-2024-23905.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2024-23905",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.750",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-29T19:26:11.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download."
},
{
"lang": "es",
"value": "El complemento Jenkins Red Hat Dependency Analytics 0.7.1 y versiones anteriores deshabilita mediante programaci\u00f3n la protecci\u00f3n de la pol\u00edtica de seguridad de contenido para el contenido generado por el usuario en espacios de trabajo, artefactos archivados, etc. que Jenkins ofrece para descargar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:red_hat_dependency_analytics:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "0.7.1",
"matchCriteriaId": "EA0AECA6-19B8-42BD-9272-33BBB12A8A18"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3322",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

28
CVE-2024/CVE-2024-239xx/CVE-2024-23940.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-23940",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-01-29T19:15:08.887",
"lastModified": "2024-01-29T19:15:08.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system."
}
],
"metrics": {},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-12134",
"source": "security@trendmicro.com"
},
{
"url": "https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132",
"source": "security@trendmicro.com"
},
{
"url": "https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1",
"source": "security@trendmicro.com"
}
]
}

20
CVE-2024/CVE-2024-241xx/CVE-2024-24134.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24134",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T19:15:08.940",
"lastModified": "2024-01-29T19:15:08.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BurakSevben/2024_Online_Food_Menu_XSS/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-241xx/CVE-2024-24135.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24135",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T19:15:08.990",
"lastModified": "2024-01-29T19:15:08.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BurakSevben/2024_Product_Inventory_with_Export_to_Excel_XSS/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-241xx/CVE-2024-24136.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24136",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.467",
"lastModified": "2024-01-29T20:15:15.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BurakSevben/2024_Math_Game_XSS",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-241xx/CVE-2024-24139.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24139",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.517",
"lastModified": "2024-01-29T20:15:15.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BurakSevben/Login_System_with_Email_Verification_SQL_Injection/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-241xx/CVE-2024-24140.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24140",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.557",
"lastModified": "2024-01-29T20:15:15.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-241xx/CVE-2024-24141.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24141",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.600",
"lastModified": "2024-01-29T20:15:15.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BurakSevben/School-Task-Manager-System-SQLi-1",
"source": "cve@mitre.org"
}
]
}

86
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-29T19:00:24.155820+00:00
2024-01-29T21:00:25.337314+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-29T18:47:58.443000+00:00
2024-01-29T20:58:40.270000+00:00
```
### Last Data Feed Release
@ -29,55 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237052
237067
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `15`
* [CVE-2023-1705](CVE-2023/CVE-2023-17xx/CVE-2023-1705.json) (`2024-01-29T17:15:08.123`)
* [CVE-2023-40546](CVE-2023/CVE-2023-405xx/CVE-2023-40546.json) (`2024-01-29T17:15:08.347`)
* [CVE-2023-40549](CVE-2023/CVE-2023-405xx/CVE-2023-40549.json) (`2024-01-29T17:15:08.580`)
* [CVE-2023-40550](CVE-2023/CVE-2023-405xx/CVE-2023-40550.json) (`2024-01-29T17:15:08.773`)
* [CVE-2023-40551](CVE-2023/CVE-2023-405xx/CVE-2023-40551.json) (`2024-01-29T17:15:08.970`)
* [CVE-2024-0788](CVE-2024/CVE-2024-07xx/CVE-2024-0788.json) (`2024-01-29T17:15:09.520`)
* [CVE-2024-1009](CVE-2024/CVE-2024-10xx/CVE-2024-1009.json) (`2024-01-29T17:15:09.727`)
* [CVE-2024-1010](CVE-2024/CVE-2024-10xx/CVE-2024-1010.json) (`2024-01-29T17:15:09.967`)
* [CVE-2024-1011](CVE-2024/CVE-2024-10xx/CVE-2024-1011.json) (`2024-01-29T17:15:10.213`)
* [CVE-2024-23828](CVE-2024/CVE-2024-238xx/CVE-2024-23828.json) (`2024-01-29T17:15:10.457`)
* [CVE-2024-1016](CVE-2024/CVE-2024-10xx/CVE-2024-1016.json) (`2024-01-29T18:15:07.800`)
* [CVE-2023-22836](CVE-2023/CVE-2023-228xx/CVE-2023-22836.json) (`2024-01-29T19:15:08.100`)
* [CVE-2023-30970](CVE-2023/CVE-2023-309xx/CVE-2023-30970.json) (`2024-01-29T19:15:08.313`)
* [CVE-2023-51839](CVE-2023/CVE-2023-518xx/CVE-2023-51839.json) (`2024-01-29T20:15:15.047`)
* [CVE-2023-51840](CVE-2023/CVE-2023-518xx/CVE-2023-51840.json) (`2024-01-29T20:15:15.100`)
* [CVE-2023-51842](CVE-2023/CVE-2023-518xx/CVE-2023-51842.json) (`2024-01-29T20:15:15.150`)
* [CVE-2024-1017](CVE-2024/CVE-2024-10xx/CVE-2024-1017.json) (`2024-01-29T19:15:08.637`)
* [CVE-2024-23940](CVE-2024/CVE-2024-239xx/CVE-2024-23940.json) (`2024-01-29T19:15:08.887`)
* [CVE-2024-24134](CVE-2024/CVE-2024-241xx/CVE-2024-24134.json) (`2024-01-29T19:15:08.940`)
* [CVE-2024-24135](CVE-2024/CVE-2024-241xx/CVE-2024-24135.json) (`2024-01-29T19:15:08.990`)
* [CVE-2024-1018](CVE-2024/CVE-2024-10xx/CVE-2024-1018.json) (`2024-01-29T20:15:15.197`)
* [CVE-2024-22570](CVE-2024/CVE-2024-225xx/CVE-2024-22570.json) (`2024-01-29T20:15:15.420`)
* [CVE-2024-24136](CVE-2024/CVE-2024-241xx/CVE-2024-24136.json) (`2024-01-29T20:15:15.467`)
* [CVE-2024-24139](CVE-2024/CVE-2024-241xx/CVE-2024-24139.json) (`2024-01-29T20:15:15.517`)
* [CVE-2024-24140](CVE-2024/CVE-2024-241xx/CVE-2024-24140.json) (`2024-01-29T20:15:15.557`)
* [CVE-2024-24141](CVE-2024/CVE-2024-241xx/CVE-2024-24141.json) (`2024-01-29T20:15:15.600`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `25`
* [CVE-2023-41176](CVE-2023/CVE-2023-411xx/CVE-2023-41176.json) (`2024-01-29T17:36:19.543`)
* [CVE-2023-38627](CVE-2023/CVE-2023-386xx/CVE-2023-38627.json) (`2024-01-29T17:37:16.250`)
* [CVE-2023-38626](CVE-2023/CVE-2023-386xx/CVE-2023-38626.json) (`2024-01-29T17:37:47.613`)
* [CVE-2023-38625](CVE-2023/CVE-2023-386xx/CVE-2023-38625.json) (`2024-01-29T17:38:01.783`)
* [CVE-2023-38624](CVE-2023/CVE-2023-386xx/CVE-2023-38624.json) (`2024-01-29T17:38:08.507`)
* [CVE-2023-24135](CVE-2023/CVE-2023-241xx/CVE-2023-24135.json) (`2024-01-29T18:26:55.150`)
* [CVE-2023-42937](CVE-2023/CVE-2023-429xx/CVE-2023-42937.json) (`2024-01-29T18:33:19.387`)
* [CVE-2023-42935](CVE-2023/CVE-2023-429xx/CVE-2023-42935.json) (`2024-01-29T18:38:29.587`)
* [CVE-2024-22416](CVE-2024/CVE-2024-224xx/CVE-2024-22416.json) (`2024-01-29T17:02:04.487`)
* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-29T17:15:09.360`)
* [CVE-2024-22233](CVE-2024/CVE-2024-222xx/CVE-2024-22233.json) (`2024-01-29T17:24:16.230`)
* [CVE-2024-20277](CVE-2024/CVE-2024-202xx/CVE-2024-20277.json) (`2024-01-29T17:32:14.123`)
* [CVE-2024-23345](CVE-2024/CVE-2024-233xx/CVE-2024-23345.json) (`2024-01-29T17:34:14.987`)
* [CVE-2024-0782](CVE-2024/CVE-2024-07xx/CVE-2024-0782.json) (`2024-01-29T17:35:21.890`)
* [CVE-2024-22497](CVE-2024/CVE-2024-224xx/CVE-2024-22497.json) (`2024-01-29T17:38:24.050`)
* [CVE-2024-22496](CVE-2024/CVE-2024-224xx/CVE-2024-22496.json) (`2024-01-29T17:38:30.827`)
* [CVE-2024-22663](CVE-2024/CVE-2024-226xx/CVE-2024-22663.json) (`2024-01-29T17:39:00.067`)
* [CVE-2024-22662](CVE-2024/CVE-2024-226xx/CVE-2024-22662.json) (`2024-01-29T17:39:08.667`)
* [CVE-2024-22705](CVE-2024/CVE-2024-227xx/CVE-2024-22705.json) (`2024-01-29T17:39:39.253`)
* [CVE-2024-23678](CVE-2024/CVE-2024-236xx/CVE-2024-23678.json) (`2024-01-29T17:44:47.153`)
* [CVE-2024-23677](CVE-2024/CVE-2024-236xx/CVE-2024-23677.json) (`2024-01-29T17:52:50.727`)
* [CVE-2024-23676](CVE-2024/CVE-2024-236xx/CVE-2024-23676.json) (`2024-01-29T17:57:24.363`)
* [CVE-2024-23675](CVE-2024/CVE-2024-236xx/CVE-2024-23675.json) (`2024-01-29T18:04:13.527`)
* [CVE-2024-23897](CVE-2024/CVE-2024-238xx/CVE-2024-23897.json) (`2024-01-29T18:15:08.037`)
* [CVE-2024-21319](CVE-2024/CVE-2024-213xx/CVE-2024-21319.json) (`2024-01-29T18:47:58.443`)
* [CVE-2021-43803](CVE-2021/CVE-2021-438xx/CVE-2021-43803.json) (`2024-01-29T19:58:25.310`)
* [CVE-2022-45792](CVE-2022/CVE-2022-457xx/CVE-2022-45792.json) (`2024-01-29T19:47:44.670`)
* [CVE-2023-6524](CVE-2023/CVE-2023-65xx/CVE-2023-6524.json) (`2024-01-29T19:15:08.523`)
* [CVE-2023-48118](CVE-2023/CVE-2023-481xx/CVE-2023-48118.json) (`2024-01-29T19:29:48.950`)
* [CVE-2023-51210](CVE-2023/CVE-2023-512xx/CVE-2023-51210.json) (`2024-01-29T19:38:28.213`)
* [CVE-2023-42915](CVE-2023/CVE-2023-429xx/CVE-2023-42915.json) (`2024-01-29T19:53:50.083`)
* [CVE-2023-47202](CVE-2023/CVE-2023-472xx/CVE-2023-47202.json) (`2024-01-29T19:57:32.707`)
* [CVE-2023-51767](CVE-2023/CVE-2023-517xx/CVE-2023-51767.json) (`2024-01-29T20:00:11.703`)
* [CVE-2023-52090](CVE-2023/CVE-2023-520xx/CVE-2023-52090.json) (`2024-01-29T20:08:29.857`)
* [CVE-2023-52091](CVE-2023/CVE-2023-520xx/CVE-2023-52091.json) (`2024-01-29T20:21:10.883`)
* [CVE-2023-52092](CVE-2023/CVE-2023-520xx/CVE-2023-52092.json) (`2024-01-29T20:24:47.537`)
* [CVE-2023-47201](CVE-2023/CVE-2023-472xx/CVE-2023-47201.json) (`2024-01-29T20:32:16.123`)
* [CVE-2023-49314](CVE-2023/CVE-2023-493xx/CVE-2023-49314.json) (`2024-01-29T20:55:17.567`)
* [CVE-2023-6926](CVE-2023/CVE-2023-69xx/CVE-2023-6926.json) (`2024-01-29T20:56:34.097`)
* [CVE-2023-46892](CVE-2023/CVE-2023-468xx/CVE-2023-46892.json) (`2024-01-29T20:58:40.270`)
* [CVE-2024-0775](CVE-2024/CVE-2024-07xx/CVE-2024-0775.json) (`2024-01-29T19:08:44.387`)
* [CVE-2024-0783](CVE-2024/CVE-2024-07xx/CVE-2024-0783.json) (`2024-01-29T19:14:47.003`)
* [CVE-2024-0784](CVE-2024/CVE-2024-07xx/CVE-2024-0784.json) (`2024-01-29T19:18:11.503`)
* [CVE-2024-23905](CVE-2024/CVE-2024-239xx/CVE-2024-23905.json) (`2024-01-29T19:26:11.517`)
* [CVE-2024-23904](CVE-2024/CVE-2024-239xx/CVE-2024-23904.json) (`2024-01-29T19:26:29.770`)
* [CVE-2024-23752](CVE-2024/CVE-2024-237xx/CVE-2024-23752.json) (`2024-01-29T19:27:17.040`)
* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-01-29T19:29:03.967`)
* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-29T19:36:52.633`)
* [CVE-2024-22417](CVE-2024/CVE-2024-224xx/CVE-2024-22417.json) (`2024-01-29T19:44:57.763`)
* [CVE-2024-22205](CVE-2024/CVE-2024-222xx/CVE-2024-22205.json) (`2024-01-29T19:48:58.590`)
## Download and Usage